sakula | 141a3ce082873add822095a0401e4d519b6ebadf71279e7dec74ed691c8c4a04 | Triage

Sharing

General

Target

141a3ce082873add822095a0401e4d519b6ebadf71279e7dec74ed691c8c4a04
Size

58KB
Sample

220212-fjlybshgdk
MD5

365dd511f42f5a06981bd1ded020d757
SHA1

887a534dc03e5c971ff44f0874ac6aa19aa5e9fe
SHA256

141a3ce082873add822095a0401e4d519b6ebadf71279e7dec74ed691c8c4a04
SHA512

db88520cd3ec70340aae7b90d4f62d725778e8accc1340d3c47b70d11515bba94f79d4602426747affe6e2ed21a02d841322af4774d1e4120aa4592bcec187a0

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  141a3ce082873add822095a0401e4d519b6ebadf71279e7dec74ed691c8c4a04
- Size
  
  58KB
- MD5
  
  365dd511f42f5a06981bd1ded020d757
- SHA1
  
  887a534dc03e5c971ff44f0874ac6aa19aa5e9fe
- SHA256
  
  141a3ce082873add822095a0401e4d519b6ebadf71279e7dec74ed691c8c4a04
- SHA512
  
  db88520cd3ec70340aae7b90d4f62d725778e8accc1340d3c47b70d11515bba94f79d4602426747affe6e2ed21a02d841322af4774d1e4120aa4592bcec187a0
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan